SEL-3025 Serial Shield Serial Cryptographic Transceiver

Catalog excerpts

SEL-3025 Serial Shield Serial Cryptographic Transceiver - 1

SEL-3025 Serial Shield Serial Cryptographic Transceiver

Secure SCADA Communication

The SEL-3025 Serial Shield®, an EIA-232 bump-in-the-wire serial cryptographic transceiver, protects meters, protective relays, programmable logic controllers (PLCs), remote terminal units (RTUs), and computers from unauthorized access, control, eavesdropping, and malicious attack by authenticating and encrypting all serial data communications. The SEL-3025 is ideal for protecting dial-up connections with identity-based access control.

Major Features and Benefits

➤ Strong Protection for Serial Links. Apply the SEL-3025 with all standard point-to-point, multidrop, and many-to-many serial communication architectures. The SEL-3025 comes preconfigured for quick DNP3, Modbus® RTU, Conitel, Redac, Tejas, and Van-Comm setting, and it secures all other byte-oriented data through custom settings.

➤ FIPS 140-2 Level 2 Validated Cryptographic Serial Protocols. Match system requirements to the appropriate level of protection with two options: full message authentication with encryption or session authentication and streaming encryption.

   ➣ Message authentication with encryption. Secure SCADA Communication Protocol (SSCP) is best for engineering access. Order the SSCP module when you need to authenticate every data packet on your serial link. SSCP can also provide strong encryption through the use of NIST-approved Advanced Encryption Standard (AES) encryption with strong 128-bit or 256-bit keys.

   ➣ Low-latency streaming encryption. Streaming Encryption Protocol (SEP) is best for SCADA and real-time protection. Order SEP when you are protecting data for systems, such as SCADA, metering, and protection, that require time-critical communications.

➤ Seamless Integration. Retrofit existing serial communications systems easily with the SEL-3025 simple bump-in-the-wire design, or upgrade existing modems and radios to crypto-modems and crypto-radios.

➤ Individual User Accountability. Secure all your dial-up modems with identity-based access controls and reports that you can manage centrally.

➤ Web-Based Configuration. Set up and manage configuration of both local and remote units with a secure web interface that allows for intuitive and simple setup and management through the use of a web browser.

Schweitzer Engineering Laboratories, Inc.

SEL-3025 Serial Shield Serial Cryptographic Transceiver - 2

➤ Import/Export Configuration File. Quickly generate back-up configuration files and restore settings with a secure file transfer.

➤ User-Based Access Control. Enforce strong access controls and individual user accountability with user-based security for the web-based management interface.

➤ Central Management. Centrally manage the SEL-3025 through ACSELERATOR QuickSet® SEL-5030 Software or take the next step and fully automate central management through ACSELERATOR TEAM™ SEL-5045 Software.

➤ Syslog. Log events with Syslog for consistency, compatibility, and centralized collection.

➤ Reliability....

SEL-3025 Serial Shield Serial Cryptographic Transceiver - 3

device and untrusted communications path at the master location and install a peer SEL-3025 Serial Shield between the remote device and untrusted communications path at the remote location to provide a secure communications link over an untrusted communications channel. With the SEL-3025 Serial Shield, legitimate communication still flows seamlessly between the master and remote devices. The transceivers block all unauthorized access to the protected master and remote IEDs. The SSCP protocol is a byte-oriented protocol that offers the strong encryption and message authentication features...

SEL-3025 Serial Shield Serial Cryptographic Transceiver - 4

Setup and Management

The SEL-3025 Serial Shield incorporates an Ethernet port that you can use to access the web interface for configuration and management. The web interface uses Transport Layer Security (TLS) to secure communications with HTTPS. Each SEL-3025 Serial Shield holds a server-side X.509 certificate to authenticate itself to incoming session requests, while users authenticate through individually assigned usernames and passwords. This establishes a mutually authenticated connection. This secure operator interface allows system operators to monitor the local and remote interface...

SEL-3025 Serial Shield Serial Cryptographic Transceiver - 5

ter and remote sites. The master cryptographic transceiver coordinates the exchange of session keys with each remote cryptographic transceiver in the system. This coordinated exchange of session keys avoids data collisions while ensuring that a unique cryptographic key authenticates and protects each connection. Many common SCADA systems are configured in a multidrop network architecture in which several devices share a channel. On such a channel, the communications protocol must be designed to avoid collisions and transmission errors that occur when multiple devices attempt to transmit on...

SEL-3025 Serial Shield Serial Cryptographic Transceiver - 6

SSCP is a cryptographic protocol that we can use to authenticate and encrypt information exchanged over untrusted communications channels. SCADA messages are encapsulated in SSCP packets, which are then sent over the communications path to the remote SEL-3025 Serial Shield specified in the DESTINATION field of the SSCP packet header. The remote SEL-3025 Serial Shield validates the received SSCP packet and extracts the data to be sent to the attached device (IED, RTU, PLC, etc.). The SEL-3025 logs and reports as errors any unauthenticated packets and blocks passage of the command in...

SEL-3025 Serial Shield Serial Cryptographic Transceiver - 7

Streaming Encryption Protocol

The Streaming Encryption Protocol uses the Advanced Encryption Standard (AES) algorithm with a key length of 256 bits. The National Institute of Standards and Technology (NIST) has approved this algorithm as a secure means of encrypting data. The design of the SEL-3025 random number generator (RNG) used for key generation ensures that all 1.2 • 10^77 possible key values are equally likely. It is widely accepted throughout the cryptographic community that it is not realistically possible to mount a successful brute force (key guessing) attack on a 256-bit key...

SEL-3025 Serial Shield Serial Cryptographic Transceiver - 8

The pair of SEL-3025 transceivers introduces two byte times of latency to the communications path (one per device) as a result of buffering in the reception Universal Asynchronous Receiver/Transmitters (UARTs). For most common SCADA protocols, the SEL-3025 will add only 3 bytes of cryptographic overhead to each frame. These two effects combine to introduce five byte times of communications latency. Table 2 shows the approximate latency introduced by a pair of SEL-3025 transceivers for an EIA-232 configuration with a single start bit and a single stop bit.

Table 2 Communications Latency

The...
